Private access to projects, jobsets, jobs, logs, and outputs

[k0001]

It should be possible to have Hercules limit access to projects, jobset, jobs, logs and outputs to only those users that have been explicitly granted access to them. This is particularly important for companies who are developing their own proprietary software and only want their staff to be able to access the Hercules UI and do things there. It should also be possible to distinguish between read-only and read-write levels of access.

[expipiplus1]

I wonder how annoying this would be to do due to nix's "share everything" approach. Initially I'll be running a private Hercules instance just on a local network, like we do with hydra at the moment.

[domenkozar]

This is definitely the major use case for companies, but "private" hercules-ci features will come after 1.0 in order to split up work.

Hercules 1.0 is going to be able to build PRs and jobsets in general.

[domenkozar]

@expipiplus1 as @expipiplus1 said, we need a way to securely serve store paths to authenticated person, which needs some thinking how to approach. There are other bits like separate binary cache, etc.